COMPUTER NETWORK ATTACK AS A TOOL FOR THE OPERATIONAL COMMANDER


ABSTRACT 


Computer  network  attack  provides  the  capability  for  an  attack  to  be  carried  out  at 
the  speed  of  light,  effortlessly  across  international  boundaries.  It  has  the  potential  to 
provide  the  Operational  Commander  additional  capabilities  along  the  entire  spectrum  of 
warfare  from  deterrence  to  combat  operations.  Key  enemy  systems,  including  radar,  air 
traffic  control  and  communications  have  the  potential  to  be  rapidly  removed  from 
operation without having to move a single plane, put U.S. personnel in harm's way or
expend  expensive  precision  guided  munitions.  However,  the  law  of  armed  conflict  and 
other  international  laws  raise  legal  issues  that  potentially  limit  the  implementation  of  this 
new  weapon.  The  Operational  Commander  must  be  knowledgeable  of  the  basis  of  the 
legal  issues  so  that  suitable  network  attack  targets  can  be  selected  during  the  operational 
plan  development,  targets  against  which  an  attack  plan  can  be  developed  and  approved  in 
the time period required to support the attack’s employment in the conflict.

I. INTRODUCTION


Military  weapons  and  strategy  reflect  the  politics,  economy  and,  perhaps  most 
importantly, the technology of a given society. Hence, it is not surprising that the improvements in
computers,  communications,  and  other  electronic  data  processing  systems  that  are  changing 
society  are  also  changing  military  thinking  and  planning.1  The  genesis  for  this  change  is  that 
virtually  every  industry  and  civil  infrastructure  has  integrated  inexpensive,  extremely  capable 
data  processing  systems  and  computer  networks  into  its  organizations  in  an  effort  to  improve 
product  quality  or  production  efficiency.  This  integration,  while  increasing  efficiency  and 
productivity,  has  created  dependencies  on  computer  networks  that  did  not  historically  exist.  In 
many  instances,  integration  of  computers  and  networks  has  become  so  complete  that  failure  or 
disruption  of  a  system  causes  entire  processes  to  come  to  a  grinding  halt.  An  example  of  this  was 
demonstrated  during  a  1997  exercise  called  Eligible  Receiver.  During  this  evolution,  hackers 
from  the  National  Security  Agency  proved  they  could  cause  power  outages  and  911  emergency 
system  overloads  in  a  number  of  cities,  gain  “supervisory”  access  to  military  networks,  and 
disrupt e-mail and phone traffic.2

The  above  exercise  demonstrates  the  U.S.  had  the  capability  for  computer  network 
warfare  years  ago,  yet  it  has  failed  to  materialize  as  a  viable  tool  for  the  Operational 
Commander.  This  paper  argues  that  legal  issues  resulting  from  the  application  of  the  law  of 
armed  conflict  and  other  international  law  are  the  primary  rationale  behind  the  lack  of  network 
attack  capability.  While  there  is  little  the  Operational  Commander  can  do  to  alter  a  network 
attack’s  legal  review  process,  understanding  the  basis  of  the  legal  issues  can  be  of  significant 
benefit.  With  this  knowledge,  the  Operational  Commander  can  provide  direction  for  network 
attack target selection which minimizes potential legal issues and therefore maximizes the
potential  for  an  attack  to  be  approved  and  ready  to  implement  when  required. 

II.  INFORMATION  WARFARE 

The  media  has  an  inexhaustible  reservoir  of  labels  to  describe  the  concept  of  computers 
as  a  warfare  weapon.  Since  each  one  means  different  things  to  different  people,  some 
clarification  is  required  before  going  too  much  further.  A  good  working  definition  of 
Information  Warfare  (IW)  is  provided  by  the  Air  Force  as:  any  action  to  deny,  exploit,  corrupt  or 
destroy  the  enemy’s  information  and  its  functions  while  protecting  assets  against  those  actions 
and  exploiting  its  own  military  operations.  A  simplified  version  of  this  is:  disrupt  the  enemy’s 
information  or  information  flow  while  protecting  your  own.  In  order  to  better  understand  what 
IW  encompasses,  it  can  be  broken  into  four  basic  categories:  intelligence  (gathering  of  electronic 
information),  offensive  computer  weaponry  (modifying  internal  software  or  hardware  to  cause 
the  enemy’s  computer  to  behave  other  than  expected),  directed  energy  type  weaponry  (such  as 
electro-magnetic  pulse  weapons),  and  psychological  operations  (propaganda,  computer  enhanced 
misinformation).4  While  all  categories  of  IW  are  important  to  the  Operational  Commander,  the 
focus  herein  has  been  narrowed  to  offensive  computer  weaponry,  specifically  the  use  of 
computer  network  attacks  as  a  weapon  during  conflict. 

The  establishment  of  a  computer  network  defense  mission  for  U.S.  Space  Command  in 
1999  is  indicative  of  the  priority  the  U.S.  has  placed  on  protecting  its  systems.  While  the  U.S. 
Military  has  practiced  defensive  actions  at  various  levels  for  years,  this  new  mission  will  create  a 
single source of network defense expertise and direction. And recently, to complement the
computer network defensive mission, the military has announced an offensive stance in an effort
to exploit the vulnerabilities of potential enemies.5 The mission of computer attack has been
formally  assigned  to  the  U.S.  Space  Command  beginning  October  2000.  This  new  mission  will 
include  helping  U.S.  commands  around  the  world  in  information  warfare  attacks  with  the  goal  of 
disrupting  and  degrading  enemy  systems.  However,  as  the  concept  of  offensive  network 
warfare  becomes  institutionalized,  many  legal  questions  are  being  raised.  The  issues  are  a  result 
of  applying  the  Law  of  Armed  Conflict  (LOAC)  and  other  international  law  to  encompass  a 
weapon  whose  delivery  mechanism  and  capabilities  were  not  conceived  when  the  laws  were 
developed. 

The  legal  issues  that  arise  from  network  warfare  during  conflict  are  centered  around  a 
number  of  areas.  These  include  the  definition  of  an  armed  attack  when  applied  to  a  computer 
attack,  the  selection  of  potential  targets  and  their  evaluation  against  the  LOAC,  and  aspects  of 
neutrality,  sovereignty  and  foreign  national  law.  Similar  problems  surface  when  applying  the 
concept  of  network  attack  during  peacetime,  or  the  non-hostility  phase  of  a  conflict.  Regardless 
of  the  phase,  few  parallels  can  be  drawn  to  standard  kinetic  weapons  and  procedures  currently  in 
practice. 

III. NETWORK WARFARE AND INTERNATIONAL LAW

A.  PRE-HOSTILITIES 

Prior  to  force  being  used,  a  wide  variety  of  actions  are  typically  implemented  in  an  effort 
to  coerce  or  deter  a  belligerent  state.  These  actions,  known  as  flexible  deterrent  options,6  range 
from  economic  sanctions  to  diplomatic  initiatives.  They  provide  the  Operational  Commander 
considerable  latitude  without  resorting  to  the  use  of  force.  The  addition  of  network  attack  could 
provide an additional set of alternatives to help deter a particular nation. One could envision an
information sanction similar to an economic sanction or the generation of civil unrest against the
current government by disrupting infrastructure services. However, use of these actions during
non-hostility operations brings up issues that include: What is an armed attack? At what point
does  it  become  an  armed  attack  and  violate  the  United  Nations  Charter  prohibition  on  the  use  of 
force?8  What  will  be  the  world  opinion  to  information  operations  during  non-hostility  periods? 

An  answer  to  the  first  question  is  readily  available;  an  armed  attack  in  the  information 
world  is  generally  defined  as  data  manipulation  that  results  in  destructive  effects  that  are 
indistinguishable  from  those  caused  by  traditional  (kinetic)  weapons.9  The  second  question  is 
more  difficult  since  there  is  very  little  guidance  on  small,  low  level  network  attacks.  However, 
many  believe  these  lower  scale  attacks  will  be  judged  by  the  international  community  by  their 
results.10  For  example,  an  attack  that  causes  disruption  to  an  administrative  database  would  be 
difficult  to  be  labeled  as  an  armed  attack.  But  one  that  disrupted  a  nation’s  air  traffic  control,  or 
significant  portions  of  a  power  distribution  system,  and  resulted  in  civilian  deaths  would 
probably  be  determined  an  armed  attack. 

On  the  other  end  of  the  spectrum,  there  are  some  that  feel  any  implementation  of 
computer  attacks  during  peacetime  as  deterrence  or  as  part  of  a  plan  to  affect  decisions  of  a 
rogue state may be viewed as terrorism by the international community.11 This unknown
reaction  by  the  international  community  and  lack  of  any  legal  guidance  for  implementing  various 
levels  of  attack  have  the  potential  to  negatively  bias  the  pre-hostility  network  attack  decision 
process.  The  bias  could  cause  delays  in  the  approval  process,  curtail  the  severity  (effectiveness) 
of attacks, or perhaps prohibit them altogether.

B. THE USE OF FORCE


The  United  Nations  Charter  is  the  primary  international  document  which  provides 
circumstances  when  the  use  of  force  is  authorized.  Articles  39  (United  Nations  sanctioned)  and 
51  (self  defense)  state  respectively: 

“The  Security  Council  shall  determine  the  existence  of  any  threat  to  the  peace, 
breach  of  the  peace,  or  act  of  aggression  and  shall  make  recommendations,  or 
decide what measures shall be taken ... to maintain or restore international peace
and  security.” 12 

and 

“Nothing  in  the  present  Charter  shall  impair  the  inherent  right  of  individual  or 
collective  self  defense  if  an  armed  attack  occurs  against  a  member  of  the  United 
Nations,  until  the  Security  Council  has  taken  measures  necessary  to  maintain 
international  peace  and  security.” 13 

When  force  is  deemed  necessary  and  authorized,  it  must  follow  a  collection  of 
international  laws,  customs  and  treaties  commonly  referred  to  as  the  Law  of  Armed  Conflict 
(LOAC).14  The  LOAC  serves  to  limit  destructiveness  during  war  by  protecting  noncombatants 
and their property, providing humane treatment of prisoners and limiting the types of weapons
that  can  be  used  against  an  enemy.  It  is  generally  broken  down  into  four  main  principles: 
military  necessity,  humanity,  proportionality  and  chivalry,  which  are  summarized  below: 

-  Military  necessity:  The  essence  of  this  concept  is  that  capability  for  destruction  does  not 
translate  into  authorization  for  destruction.  Military  personnel/equipment  and  civilian 
personnel/property  that  make  a  direct  contribution  to  the  war  effort  may  be  attacked.  However, 
deliberately  applying  more  force  than  what  is  required  to  achieve  this  objective,  such  as  trying  to 
kill surrendering enemy combatants, is a violation.

- Humanity: This concept seeks to prohibit unnecessary suffering by prohibiting indiscriminate
weapons  which  do  not  differentiate  between  military  and  civilian  personnel  and  property.  One 
of  the  many  treaties  and  laws  that  make  up  the  LOAC  that  is  particularly  relevant  to  humanity  is 
the  Protocol  I  Additional  to  the  Geneva  Convention.  It  refines  the  humanitarian  concept  and 
provides  specific  rules  for  the  protection  of  noncombatant  civilians.15  Although  the  U.S.  has 
never  ratified  Protocol  I,  it  is  generally  recognized  that  most  of  the  articles  dealing  with  the 
protection  of  the  civilian  population  deserve  treatment  as  customary  international  law. 16 

-  Proportionality:  This  principle  attempts  to  ensure  the  ends  justify  the  means.  It  states  that 
attacks  may  be  carried  out  against  lawful  military  targets  even  if  some  collateral  damage  and 
incidental  injury  is  foreseeable  as  long  as  the  damage  is  not  disproportionate  to  the  military 
advantage  of  the  target.  Proportionality  gives  the  Commander  the  responsibility  to  determine  if 
incidental  injuries  and  collateral  damage  are  excessive  based  on  a  reasonable  assessment  of  the 
facts  available  at  the  time  of  the  attack.  Another  significant  aspect  of  this  rule  is  that  the 
defender  has  the  responsibility  to  separate  troops  and  equipment  from  noncombatants  and 
civilian  property. 

-  Chivalry:  Chivalry  provides  for  war  to  be  carried  out  with  recognized  rules  and  courtesies. 
For  example,  with  few  exceptions,  only  members  of  a  nation’s  armed  forces  can  use  force 
against  an  enemy.  They  must  distinguish  themselves  from  noncombatants  and  cannot  use 
noncombatants  or  civilian  property  as  a  shield.  It  also  establishes  that  perfidy,  or  faking 
surrender,  is  not  legal  and  that  use  of  certain  visual  and  electronic  symbols  identifying 
persons/property  exempt  from  attack,  such  as  wounded  and  sick  and  medical  personnel,  vehicles 
and  vessels  is  also  prohibited. 




IV.  APPLICATION  OF  THE  LAW  OF  ARMED  CONFLICT  TO  NETWORK  ATTACK 

An  implication  of  network  attack  is  that  the  attacker  probably  will  not  be  physically 
present  where  the  effects  of  the  attack  are  being  felt.  Additionally,  the  means  of  attack  may  not 
be  present  either.  These  aspects  will  complicate  the  application  of  the  LOAC,  which  was 
developed  in  response  to  territorial  invasions  and  kinetic  weapons  the  victim  could  see,  and 
whose  source  was  readily  apparent.17 

The  application  of  the  concept  of  necessity  for  a  network  attack  is  very  similar  to  its 
application  for  a  kinetic  weapon  attack.  When  force  is  authorized,  military  networks  are 
obviously  lawful  targets.  However,  in  order  to  attack  civilian  systems  there  must  be  a  definite 
military  advantage,  or  necessity,  realized  from  the  attack.  For  example,  during  conflicts  which 
last  only  months,  it  would  be  difficult  to  justify  attacking  economic  and  production  centers, 
which  have  little  effect  on  a  short  duration  conflict.  The  same  targeting  analysis  must  be 
performed  for  network  attacks  as  for  kinetic  weapon  attacks.18 

Proportionality  presents  one  of  the  more  significant  challenges  to  information  warfare. 
The  coupling  of  incredible  destructiveness  with  virtually  no  physical  damage  raises  questions  as 
to  what  will  be  accepted  as  “proportional”  in  the  eyes  of  the  international  community. 
Infrastructure  and  communication  systems,  such  as  emergency  medical,  police  and  fire  are 
becoming  increasingly  interdependent.  The  unknown  interdependence  of  these  systems  and 
potential  cascading  effects  into  other,  unforeseen  areas  introduce  uncertainties  into  the  network 
attack  damage  estimation  process.19  The  uncertainties  make  estimations  by  the  Commander 
regarding  proportionality  extremely  difficult.  One  concept  to  counter  this  uncertainty  is  to  stage 
“mini”  network  attacks  to  quantify  the  network  vulnerabilities  before  staging  a  debilitating 
attack. Although this may be feasible in some circumstances, the difficulties in staging a
small-scale attack with similar characteristics, coupled with the difficulties of assessing impact and
damage  of  the  “mini”  attack,  will  rarely  make  this  a  viable  option.  Additionally,  a  mini  attack 
may  alert  the  enemy  to  your  intentions  and  make  them  aware  of  their  vulnerabilities. 

When  carrying  out  network  attacks,  the  rule  of  humanity  poses  problems  similar  to  those 
posed  by  proportionality  which  are  the  unforeseen  consequences  resulting  from  the  unknown 
interdependence  of  systems.  For  example,  an  enemy  air  control  system  may  be  the  target  of  a 
network  attack.  But,  if  that  air  control  system  is  linked  with  a  civilian  air  control  system, 
numerous  civilians  could  be  at  risk,  and  the  international  community  would  not  view  the  attack 
favorably. 

Protocol  I  to  the  Geneva  Convention  contains  many  provisions  applicable  to  a  network 
attack  which  must  be  complied  with  regarding  the  protection  of  civilians  and  which  potentially 
restrict  the  method  and  target  selection  of  an  attack.  One  of  the  more  relevant  provisions, 
which  provides  protection  against  indiscriminate  attack,  is  found  in  article  51(4)  which  states: 

Indiscriminate  attacks  are  prohibited.  Indiscriminate  attacks  are: 

(a)  those  which  are  not  directed  at  a  specific  military  objective; 

(b)  those  which  employ  a  method  or  means  of  combat  which  cannot  be  directed  at 
a  specific  military  objective;  or 

(c) those which employ a method or means of combat the effects of which
cannot be limited as required by this Protocol.

Additionally, part of Article 57(2)(b) requires an attack to be canceled or suspended if it becomes
apparent  the  object  is  not  a  military  one.  The  criteria  could  cause  constraints  to  be  imposed  on 
the  type  of  attacks  available.  The  commercial  sector  has  shown  that  computer  viruses  are 
extremely  “indiscriminate”  in  the  way  they  propagate  and  would  be  difficult,  if  not  impossible, 
to cancel or recall once initiated.

The concept of chivalry serves to protect civilian and other noncombatant personnel, such
as  those  attending  the  sick  and  wounded.  It  was  developed  when  enemies  could  see  each  other 
and  clothing  (uniforms),  vehicle  and  vessel  markings  were  used  as  distinguishing  features  from 
noncombatants.  Although  the  long  distance  potential  of  network  attacks  makes  the  wearing  of 
uniforms  of  little  importance,  chivalry  places  restraints  on  the  Commander  when  carrying  out  an 
attack.  The  LOAC  requires  combatants  be  trained  in  the  law  of  war,  serve  under  effective 
discipline,  and  be  under  the  command  of  officers  responsible  for  their  conduct.  The  DoD  Office 
of  the  General  Counsel  concluded  that  these  elements  of  the  LOAC  require  information  warfare 
operations  be  conducted  only  by  uniformed  forces.23  Since  significant  expertise  is  required  to 
implement  an  information  attack  and  active  duty  forces  are  constantly  shrinking,  particularly 
those  with  information  technology  expertise,  this  rule  will  be  challenging  to  meet. 

Other  aspects  of  chivalry  that  must  be  carefully  evaluated  are  ruses  and  misinformation. 
As information warfare makes these acceptable tactics increasingly easier to implement, each must
be individually evaluated. A “misinformation” attack such as changing the enemy’s database to
show U.S. troops are a hospital base or neutral country forces is clearly a violation. However, the
LOAC  implications  concerning  other  subtle  attacks,  such  as  changing  enemy  databases  so  that 
attacking  forces  electronically  appear  to  be  friendly  forces  are  very  nebulous.24  This  particular 
type  of  network  attack  could  arguably  be  viewed  under  the  prohibition  of  attacking  while 
wearing  enemy  uniforms. 

V.  OTHER  INTERNATIONAL  LAWS,  TREATIES  AND  CHARTERS 

The  ability  of  electronic  signals,  which  have  the  potential  to  represent  an  armed  attack,  to 
cross  international  boundaries,  presents  significant  challenges  regarding  sovereignty  and 
neutrality. Sovereignty has been a fundamental part of international law since the Treaty of
Westphalia  of  1648.  It  provides  that  nations  have  exclusive  authority  over  all  events  within  their 
borders.  The  situation  network  attack  brings  to  the  table  is  utilization  of  communication  lines. 
While  a  nation  may  have  agreed  to  international  communication  connections,  the  transformation 
of  their  communications  system  into  a  delivery  vehicle  for  an  armed  attack  by  an  outside  state  is 
a  significant  infringement  of  their  sovereignty. 

Closely  coupled  with  sovereignty  is  the  right  of  neutrality  of  a  State.  The  Hague 
Convention  determined  the  territory  of  a  neutral  state  is  inviolable.25  This  implies  that  using  a 
neutral  country’s  networks  or  communication  lines  as  a  transport  path  to  carry  out  a  network  attack 
would  violate  the  country’s  neutrality  rights  similar  to  aircraft  flying  over  a  neutral  country’s 
airspace.  Using  the  Hague  convention  as  a  basis,  proponents  argue  that  a  neutral  power  is  not 
required  to  restrict  the  use  on  behalf  of  the  belligerents  of  telephone  cables  or  of  wireless  telegraphy 
equipment  belonging  to  it  or  to  companies.26  The  difficulty  with  this  argument  is  that  the  Hague 
Convention  was  convened  in  1907.  At  that  time  telegraphy  equipment  only  enhanced 
communications  and  it  was  not  conceived  that  telephone  lines  could  be  the  delivery  vehicle  (or 
pathway) of an armed attack. A modern application could interpret the usage of a neutral country’s
communication  lines  as  a  violation  of  its  neutrality  and  hence,  make  it  susceptible  to  attack. 

Foreign  national  law  is  another  hurdle  the  Operational  Commander  must  circumvent  to 
wage  network  attack.  The  U.S.  has  been  very  successful  at  getting  foreign  countries  to  support 
rigorous  computer  intrusion  laws.27  These  laws  must  be  taken  into  consideration  when  U.S. 
forces  are  deployed  to  a  foreign  country.  One  concern  is  that  if  network  attacks  are  a  violation  of 
foreign  national  law,  the  persons  issuing  the  order  and  those  executing  it  may  be  criminally 
liable.  Although  Status  of  Forces  Agreements  (SOFA)  between  the  U.S.  and  host  countries 
normally provide complete immunity from host country laws for U.S. personnel performing
official duties, we do not have SOFAs with most countries and one may not be obtainable in time
to support an operation. In addition, the Operational Commander may feel obligated to conduct
operations within the host nation’s law, even though he may be legally exempt. Wording is
included in most U.S. SOFAs similar to Article II of the NATO SOFA which states:

“It is the duty of a force and its civilian component and the members thereof as
well  as  their  dependents  to  respect  the  law  of  the  receiving  State. . .” 28 

The  result  is  that  since  it  is  unlikely  the  U.S.  will  violate  a  host  nation’s  law,  the  Commander 
will  be  restricted  in  his  ability  to  implement  a  network  attack. 29 

VI. NETWORK ATTACKS DURING THE KOSOVO CONFLICT

The  Kosovo  conflict  demonstrated  that  the  U.S.  has  not  been  completely  paralyzed  by  the 
legal  swirl  around  offensive  network  warfare  as  a  combat  weapon.  General  Shelton,  Chairman 
of  the  Joint  Chiefs  of  Staff,  recently  informed  the  media  that  the  U.S.  waged  Information 
Warfare  as  part  of  the  NATO  bombing  campaign  against  Yugoslavia  in  the  spring  of  1999. 30 
However,  success  of  the  attack,  which  was  designed  to  insert  false  images  and  targets  in  the 
enemy  air  defense  networks,  was  difficult  to  ascertain.  Although  all  elements  were  in  place, 
political  hesitations  prevented  the  operation  from  beginning  when  the  conventional  bombing 
started.  By  the  time  the  attack  was  initiated,  damage  to  command  lines  and  other  systems  by 
conventional  weapons  made  assessment  of  the  network  attack  damage  “difficult.”31 

While  not  completely  paralyzed,  it  is  obvious  that  a  network  attack  on  one  system  after  it 
was mostly destroyed by kinetic weapons is not utilizing network warfare to its full potential.
General  Wesley  Clark,  NATO  Supreme  Commander  in  Europe,  criticized  the  U.S.  Kosovo 
strategy and commented that more could have been done to “electronically isolate” Milosevic
and  perhaps  even  get  him  to  surrender  before  the  bombing  campaign  started.32  And  recently, 
Pentagon  officials  have  admitted  an  all  out  computer  attack  on  Serbian  networks  was  withheld 
due  to  uncertainties  and  limitations  in  the  emerging  field  of  information  warfare.33  Besides  legal 
issues,  other  factors  have  surfaced  that  could  have  played  a  significant  role  in  curtailing  network 
warfare’s  implementation  during  the  Kosovo  operation. 

Some  military  analysts  believe  the  U.S.  was  as  concerned  about  the  prospective  loss  of  its 
technological  lead  as  it  was  about  legal  issues  associated  with  computer  attacks.34  Once  the  U.S. 
demonstrates  its  potential,  enemies  could  easily  and  cheaply  develop  defenses  and  duplicate  the 
capability.  The  potential  for  the  enemy  to  retaliate  with  computer  network  attacks  of  its  own  is 
another  operational  reason  to  carefully  weigh  the  decision  to  initiate  a  network  attack.35  Other 
reasons  put  forward  for  the  minimal  computer  attack  effort  in  Kosovo  include  the  untested  state 
of  the  U.S.  arsenal,36  the  lack  of  a  national  strategy,37  and  the  IW  operations  approval  cycle, 
which  Major  General  Ronald  Keys,  the  U.S.  European  Command’s  director  of  operations  for  the 
Kosovo,  identified  as  a  “religious  experience.” 38  But  as  will  be  seen,  some  of  the  rationale  given 
for  the  limited  network  warfare  implemented  in  Serbia  are  at  least  indirectly  linked  to  network 
warfare’s  legal  issues. 

The  lengthy  IW  approval  process  cited  by  General  Keys  was  a  significant  drawback  in 
the  computer  attack  operations  in  Kosovo.  Comments  by  General  Richard  Myers  provide  insight 
on  the  cause  of  the  problems  when  he  stated  “We  worked  through  some  policy  and  legal  issues 
during  Kosovo  that  will  hopefully  help  us  in  the  future.”39  While  the  practice  of  attacks 
undergoing  legal  reviews  is  not  new,  in  fact  during  the  Persian  Gulf  War,  every  target  underwent 
a  legal  review,40  computer  attacks  are  different.  There  is  a  vast  mismatch  between  technological 
development (what we can do) and legal development (what is humane and legal).41 The result
is  a  lengthy  review  process  which  delays  the  network  attack  targeting  approval  cycle.  This 
lengthy  approval  cycle  also  impedes  the  establishment  of  a  ready,  tested  “arsenal”  of  preplanned 
attacks  that  can  be  utilized  during  future  conflicts. 

The  void  of  a  national  IW  strategy  is  due,  at  least  in  part,  to  a  reluctance  to 
“institutionalize”  the  concept  resulting  from  political  and  policy  concerns.42  These  concerns 
stem  from  the  unknown  political  reaction  of  the  international  community,  which  includes  the 
legality  element  of  an  attack.  For  the  limited  operation  in  Kosovo,  it  is  difficult  to  ascertain  the 
lack of a national IW strategy’s impact on network attack operations; however, it has been
formally  addressed  by  assigning  the  U.S.  Space  Command  the  computer  attack  mission,  which 
will  include  forming  a  national  strategy.43 

However,  not  all  the  reasons  stated  earlier  for  the  limited  network  attacks  are  associated 
with  legal  issues.  The  idea  that  the  U.S.  is  withholding  network  attacks  out  of  fear  the  enemy 
will learn the United States’ capabilities and develop a defense or duplicate ability has nothing to
do with legal issues, but it, too, can be discounted. In a global economy, money can buy the
best computer talent in the world. States have no need to duplicate the U.S. capability; they can
build their own, cheaply and easily. Additional rationale for discounting this explanation is that
networks are generally unique and have different strengths and vulnerabilities from a security
standpoint. An adversary would learn little by studying an attack on a particular system because
that weakness may not even exist on their system.

Network  attack  retaliation  is  another  factor  that  could  have  influenced  implementation  of 
an offensive network attack. As the most computer and information dependent country in the
world, and with numerous military systems relying on civilian infrastructure, the U.S. is also the
most vulnerable to network attack. Military sources have said that if the U.S. cannot defend or
adequately counter a network attack, it probably will not initiate one.44 The flaw with this
rationale is it assumes an adversary will retaliate against a computer attack with a computer attack. There
is  no  basis  for  this  assumption.  If  an  adversary  is  going  to  retaliate,  they  will  use  whatever  means 
available  to  achieve  their  ends,  regardless  of  how  the  attack  was  initiated.  Of  course,  if  the 
original  attack  was  not  viewed  as  legal,  the  international  community  would  condemn  the  illegal 
attack  and  it  could  be  used  as  justification  for  an  adversary  to  retaliate  in  any  manner  he  is  able. 

Perhaps  the  strongest  factor  outside  of  the  legal  issues  for  the  limited  network  attack  was 
the  Yugoslavia  infrastructure.  An  underlying  assumption  for  computer  attack  as  a  method  of 
warfare  is  that  the  infrastructure  and  military  support  systems  are  computerized  and  networked, 
hence,  are  vulnerable  to  a  computer  attack.  Some  sources  have  said  that  this  mold  did  not  apply 
to  Yugoslavia.45  This  factor  is  of  particular  significance  because  if  this  method  of  warfare  did  not 
apply  to  Yugoslavia,  it  probably  will  not  apply  to  the  majority  of  future  small,  regional  conflicts. 

Although  not  identified  as  a  factor  in  the  Kosovo  operation,  another  factor  that  has  the 
potential  to  influence  network  warfare  is  a  relatively  new  phenomenon:  the  public’s  increasing 
sensitivity  to  casualties.46  On  the  surface,  this  phenomenon  would  seem  to  support  network 
attack  as  the  weapon  of  choice.  As  General  Richard  Myers,  Commander  in  Chief  of  Space 
Command  said, 

“[information  warfare]  might  be  a  very  elegant  way  to  do  it  as  opposed  to 
dropping  a  2,000-pound  bomb  on  Radars  for  instance  .  .  .  preventing  casualties  on 
our  side  and  collateral  damage  on  the  adversary’s  side.”  47 

The  results  of  this  hypersensitivity  have  already  been  seen  in  Somalia,  where  the  image  of  a  dead 
U.S.  soldier  provided  the  impetus  for  U.S.  withdrawal  from  that  country.48  But,  on  the  other 
hand,  an  unforeseen,  cascading  effect  of  a  network  attack  which  causes  civilian  suffering  or 
death,  such  as  the  scrambling  of  administrative  data  bases  at  a  hospital  which  causes  the  wrong 
treatments  to  be  administered,  could  cause  a  public  backlash  against  the  use  of  computer  attack  as  a 
weapon.  In  the  extreme  case,  a  catastrophic  cascading  effect  could  place  a  network  attack  in  the 
category  of  a  weapon  of  mass  destruction.  Since  detailed  knowledge  of  an  adversary’s 
computer  systems  is  seldom  available,  the  concern  of  a  negative  public  response  may  cause 
reluctance  to  initiate  the  aggressive  attacks  required  to  achieve  measurable  results. 

VII.  CONCLUSION 

The  requirements  of  the  LOAC  place  restrictions  on  the  implementation  of  network 
attacks.  The  inability  to  determine  when  lower  level  attacks  will  be  judged  “armed  attacks” 
limits  their  potential  use  prior  to  hostilities  erupting.  The  prediction  of  collateral  damage  prior 
to  an  attack,  which  is  necessary  to  ensure  the  requirements  of  proportionality  are  met,  is 
especially  difficult  when  civil  and  military  systems  are  either  networked  or  share  computer 
resources.  Additionally,  the  unforeseen  propagation  of  some  types  of  attacks,  such  as  viruses, 
could  be  deemed  indiscriminate  and  limit  their  applicability  to  only  a  limited  number  of  enemy 
systems.  All  these  factors  taken  together  serve  to  make  the  network  attack  legal  review  process 
so  lengthy  and  stringent  that,  pending  significant  improvements  in  our  ability  to  isolate  and 
localize  effects,  few  attacks  will  ever  be  deemed  legal. 

Examples  of  methods  to  maximize  network  warfare’s  potential  in  today’s  setting  include 
the  consideration  of  network  attack  during  the  early  planning  stages,  so  potential  targets  can  be 
identified,  researched,  and  an  attack  plan  developed  and  approved.  If  time  is  a  factor,  targets 
which  have  minimal  legal  implications  (pure  military  systems  or  those  least  likely  to  cascade  into 
civilian  systems)  should  be  identified  first.  These  targets  will  have  the  greatest  probability  of 
having  an  attack  available  in  the  time  required  to  support  an  operation.  Additionally, 
establishing  a  priority  based  on  phasing  (when  the  attack  is  required)  vice  the  military 
significance  may  be  useful  to  enhance  the  probability  the  attack  will  be  available  when  the 
optimum  time  to  execute  it  arrives. 

The  aspects  of  sovereignty  and  neutrality  must  be  addressed  early  in  the  conflict  planning 
phase  and  either  resolved  or  limitations  established  so  that  effort  is  not  wasted  on  attack  planning 
that  will  never  be  implemented.  The  resolution  of  these  issues  may  require  significant  time, 
resources  and  other  agency  assistance.  These  issues  may  ultimately  require  network  attacks  be 
initiated  from  a  different  geographic  location  than  the  conflict,  increasing  the  Command  and 
Control  complexity. 

The  selection  of  targets  by  the  Operational  Commander  can  also  play  an  essential  role  in 
the  future  acceptability  of  network  attack  by  the  international  community.  Damage  that  can  be 
readily  assessed  to  network  attacks  and  shown  to  be  more  humane  than  a  kinetic  weapon  attack 
could  be  extremely  valuable.  In  addition  to  the  short-term  political  benefits,  these  types  of 
attacks  could  provide  precedents  that  would  incrementally  expand  the  range  of  acceptance  of 
future  network  attacks. 

Currently  only  our  own  interpretation  and  application  of  the  LOAC  exists  for  guidance 
in  the  legal  evaluation  of  network  attacks.  While  failure  to  apply  the  law  correctly  could  have 
disastrous  results  in  the  international  arena,  failure  to  realize  the  potential  of  this  new  tool  in  the 
battlefield  will  have  equally  disastrous  results  by  producing  unnecessary  casualties  and  collateral 
damage.  By  understanding  the  rationale  behind  the  limitations  imposed  on  network  attacks  and 
the  current  legal  review  process,  the  Operational  Commander  can  maximize  network  attacks  in 
today’s  environment. 